package com.junyuan.gsp.shiro;

import com.junyuan.gsp.util.CipherUtil;
import com.junyuan.gsp.util.JWTUtil;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

/**
 * @Author: maxwellens
 */
public class CredentialsMatcher extends SimpleCredentialsMatcher
{
    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
    {
        if (token instanceof UsernamePasswordToken)
        {
            UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
            //获得用户输入的密码:(可以采用加盐(salt)的方式去检验)
            String inPassword = CipherUtil.encrypt(usernamePasswordToken.getUsername(),
                    new String(usernamePasswordToken.getPassword()));
            //获得数据库中的密码
            String dbPassword = (String) info.getCredentials();
            //进行密码的比对
            return this.equals(inPassword, dbPassword);
        }
        if (token instanceof JwtToken)
        {
            JwtToken jwtToken = (JwtToken) token;
            String username = JWTUtil.getUsername(jwtToken.getToken());
            boolean success = JWTUtil.verify(jwtToken.getToken(), username, (String) info.getCredentials());
            return success;
        }
        return false;
    }
}
